With advances in technology, companies are now collecting far greater quantities of data about their business processes and assets than before. However, existing assurance processes rarely benefit from this data, which limits access to richer insight and may lead to false assurance on performance. There is also the potential for legal implications following an accident, in which a company may be judged to have failed to act on data that indicated an accident was foreseeable. Data-driven modelling approaches better exploit the value of these new sources of disparate data and are readily transferrable into multiple industries, such as utilities, transportation and oil & gas. This viewpoint describes the successful application of this approach in the utility sector, which has led to improved business efficiency by better allocation of limited assurance and operational management resources.

Data usage challenges

Current advances in technology enable companies to capture large volumes of previously unavailable data about their businesses, such as asset conditions and deviations from expected performance by assets or employees. However, the existing assurance processes in some companies often do not exploit these richer sources of data and, as such, can provide a limited or potentially misleading positive report that risks are low. Such data can be overlooked, or seen as too complex to understand or not directly linked to business risk. As such, these remain unused in databases, providing no value.The collected data is often distributed across multiple databases, with no individual having a holistic view. There is therefore a challenge in turning the data into information to provide insight into the business performance and enable more robust decision-making to improve productivity and risk management. There is further reputational and legal risk, should an accident or other loss event occur: that the business will be perceived as having had access to the data (i.e., knowledge of the precursors of the event), but failed to act upon it in order to prevent the incident (“guilty knowledge”). Such foreseeability can be a pivotal argument in prosecutions. Using multiple databases also creates inevitable consistency issues. One database might show employee productivity, while another shows driving telematics data for the same group of employees, but employee identification records cannot be cross-referenced. In our experience, this can be a symptom of managers in different functions working in silos, with limited cross-functional engagement across disparate databases.

Development of a data-driven risk model

We have developed a four-step approach for building a data-driven risk model, which accounts for multiple databases and addresses the data challenges raised in this paper. For example, it can reveal inconsistencies between databases, highlighting the value to be gained by operational and support unctions working together.

Step 1: Review available data from databases across multiple business functions, paying particular attention to that which the assurance function previously overlooked.Step 2: Analyze correlations between data and the undesired acts or events, and unpick components of the data to find parameters with strong predictive ability.Step 3: Develop and validate a multi-variable risk model based on these correlations, rather than a traditional model that uses only two or three sources. Step 4: Create a set of principles for adjusting the model regularly when more data become available. Brief senior management on the model outputs and how they can use it to drive actions that generate benefits such as business-efficiency enhancement and cost reduction.

This is a scalable approach. Modern analytical techniques can encompass practically unlimited amounts of data and data sources.